There's A Reddit Clone Phishing People Who Type Too Fast

People make mistakes, and that's why Gooogle.com, Yaho.com and Amazan.com redirect to the websites you'd hope they would point to. Reddit.co? We don't recommend you visit it.

It's common practice - codified in the days before browser autocomplete - for major websites to register misspelled domains and have them jump to the name butterfingered users meant to type. Among the most common mistakes is failing to add the "m" to a .com domain, which points to the valid top-level domain for Colombia (.co). Facebook, YouTube, Amazon and Yahoo all redirect .co domains. But security researcher Alex Muffett discovered that Reddit.co now displays a clone of the link aggregation site that steals visitors' usernames and passwords should they log in accidentally.

HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 before I could screenshot it. Domain ownership is as-follows: pic.twitter.com/hpucMroumd

Muffett expressed disbelief that the .co registry would allow anyone to register the name. But more surprising is that this phishing clone isn't the result of an opportunistic hacker nabbing Reddit.co as soon as its registration lapsed. Going back to 2010, Reddit, the 13th most popular site in the US, has never owned the domain despite many opportunities to do so.

According to Domain Tools, Reddit.co was never registered before July of 2010, about five years into Reddit's life, and during the period "the frontpage of the internet" was under the auspices of Conde Nast. Various archives show the url pointed to a Flash games site and a porn cam site, but mostly the domain was a parking page for interested parties to buy the name.

Of course, not every contingency can be prepared for. Gooogle.com and Google.co might take a sloppy typer to a search engine. Goggle.com, however, is a white webpage with only the word "goggle" on it.

We've reached out to Reddit to see if the company attempted to buy Reddit.co at some point. In the mean time, double check your browser to be sure you're really on Reddit.

Trending Stories Right Now

After a rocky start with the Pixel 1 (which remains one of the ugliest phones made this decade), a big—but still not fully realised — improvement on the Pixel 2, the Pixel 3 came out and finally made good on Google’s homegrown phone initiative.
And unlike phones from Samsung or Huawei, the Pixel 3 achieved this not by hitting users over the head with tons of cameras or far-out hardware, it did it in the most Google way possible: With nifty software, intuitive design, and AI-powered smarts.

Mark Rober really loves to build things. So when this home electronics tinkerer discovered that some neighbourhood thieves were ripping off Amazon packages from his porch, he did what any self-respecting former NASA engineer would do: He built a glitter bomb made to look like a boxed-up Apple HomePod, and he built it to capture video of the entire thing.